the gershon report and it governance - infonomics content/documents/gershon... · ©2008infonomics...

©2008 Infonomics Pty Ltd ACS Victoria 19 November 2008

The Gershon Report and IT Governance

Mark ToomeyManaging Director Infonomics Pty Ltd

Chair, Standards Australia Committee IT-030

Member, ISO/IEC JTC-1 SC-7 WG1A

©2008 Infonomics Pty Ltd ACS Victoria

Gershon’s Terms of Reference

• The terms of reference asked me, amongst a number of issues, to review and report on both the efficiency and effectiveness of the Australian Government‟s current use of ICT, to determine whether the Government is realising the greatest return from its investments in ICT, and to examine whether the right institutional arrangements are in place to maximise the return.

• Is Australia achieving efficient, effective and acceptable use of IT?

19 November, 2008


Gershon’s Conclusion

• At the heart of my findings is a conclusion that … the current model of weak governance of ICT at a whole-of-government level and very high levels of agency autonomy … leads to sub-optimal outcomes in the context of prevailing external trends, financial returns, and the aims and objectives of this Government.

• … I have also found that benefits realisation and the measurement of benefits arising from investments in ICT are areas where there is substantial scope for improvement, together with measuring and improving the efficiency of current ICT operations.

• No it is not, and the problem is with top level direction, not with technical delivery.

19 November, 2008


Gershon’s Recommendations

• … a major program of both administrative reform of, and cultural change from, a status quo where agency autonomy is a longstanding characteristic of the Australian Public Service.

• there are two critical requirements which will determine the success of this reform program:

– firstly, sustained leadership and drive at Ministerial and top official levels and,

– secondly, ensuring the enablers of change are properly resourced, not only in funding terms but also with skills of the right calibre.

• The people at the top will have to (learn to) do things that they have not previously been required to do.

19 November, 2008


Do Gershon’s comments ring true?

• Digital TV to cost Canberra $38m – THE federal government has

announced $37.9 million in funding to drive Australia's transition to digital television.

• Immigration slows release cycles – THE Immigration Department will

reduce release cycles for the $495 million Systems for People project to ease pressure on staff members.

• Defence weak on IT, says chief– AUSTRALIA'S defence acquisition

organisation has … yet to excel at complex computer-related systems, defence head Air Chief Marshal Angus Houston says.

19 November, 2008

October 2005

Tanner's IT razor plans 'ridiculous' By Andrew Fraser Political Correspondent (Canberra Times)

IT professionals have reacted with deep scepticism to Finance Minister Lindsay Tanner's plans for significant Budget savings by ending the "ridiculous" fragmentation and "crazy" duplication of government IT provision.


Gershon’s definition of “IT Governance”

• „Governance is defined as the system by which the current and future use of IT is directed and controlled. It involves evaluating and directing the use of IT to support the organisation and monitoring this use to achieve plans. It includes the strategy and policies for using IT within an organisation‟ (Source: AS 8015-2005 Corporate Governance of ICT). The generally accepted principles of public sector governance according to the Australian National Audit Office (ANAO) include accountability, transparency, integrity, stewardship, efficiency and leadership (Source: ANAO (July 2003), „Better practice guide: Public sector governance and the individual officer‟).

• Use the world-leading IP created in Australia, by Australians

19 November, 2008

©2008 Infonomics Pty Ltd ACS Victoria 19 November, 2008

Getting to grips with Gershon’s message

• Many government IT departments do their job competently– Rigour– Process– Control– Reporting

• But it‟s not just in IT that problems develop:– Use of IT in achieving goals involves business change

• Process• People• Structure• Context

– And necessarily requires that leaders engage fully:• Being responsible• Setting direction• Planning and implementing

Polishing INSIDE the Kettle improves supply…

… but does not fully address the problem of use!

ITIL Prince2 CoBIT

CMMI PMBOK

Etc

Governance of IT has to deal with how organisations USE IT as well as with how IT departments operate.

Delivery

UseMany issues arise here – outside IT’s sphere of control.


Gershon’s message is not new

In the case of the ICS, there does not

appear to have been an effective structure or process to direct and control the project, nor to make

suitable risk decisions.

To fulfil this task, Customs has had at

least 10 bodies responsible for different aspects of the management and governance of the ICS, including the interactions with industry…

These bodies overlap in their responsibilities and accountabilities, and

overall the program has no single business owner and accountabilities for its delivery are unclear.

Source: The Australian IT (online) and Booz Allan Hamilton Report “Review of the Integrated Cargo System”

Change Governance

Problemon a

Massive Scale.

9:25/2


Gershon’s message is not uniqueKPMG Global IT Project Management Survey (Sep 05)

• Traditional measures of success (time and budget) are being superseded:

– “Achieving benefits – keeping commitments – is now the key determinant of project success.”

• Since 2003, performance of projects has improved marginally:

– Failure rates are still appalling;

– Many organisations do not focus on realising or measuring benefits.

• “The key element (that makes some organisations more successful) appears to be an appropriate governance framework – to complement planning and prioritisation of activities and to help ensure execution controls are in place until benefits are realised.”

• “The board must put in place, through management, a rigorous oversight framework to monitor achievement of budgets, the meeting of timelines and to help ensure that the agreed benefits are realised. To achieve this, the board must receive the right information at the right time”.

19 November, 2008

Those responsible at the top of the organisation must govern…


Corporate Governance: The System by which

entities are directed and controlled.

(Cadbury)

Governance Domains and SystemsCorporate Governance visibility and control

Management Responsibility

Information (IT) assetsFinancial

assets

Relationship assets

Humanassets

IPassets

Physicalassets

Understanding Gershon: Understanding Corporate Governance of IT.

CorporateGovernance

Corporate Management

Evaluate

Pla

ns,

Policie

s

Perf

orm

ance

Confo

rmance

Direct Monitor

Pro

posals

Projects Operations

CorporateGovernance


Evaluate

Pla

ns,

Policie

s

Perf

orm

ance

Confo

rmance

Direct Monitor

Pro

posals

Projects OperationsCorporate Governance of IT:The System by which the current and future use of IT is directed and controlled.

19 November, 2008


CorporateGovernance


Evaluate

Pla

ns,

Policie

s

Perf

orm

ance

Confo

rmance

Direct Monitor

Pro

posals

Projects Operations

The System for Governance of IT:Current and Future Use

19 November, 2008


CorporateGovernance


Evaluate

Pla

ns,

Policie

s

Perf

orm

ance

Confo

rmance

Direct Monitor

Pro

posals

Projects Operations

The System for Governance of IT:Current and Future Use

19 November, 2008

Future Use:

Business Projects

Current Use:

Business Operations


The S

yste

m o

f M

anagem

ent

Current Use:

Business Operations

The System for Governance of IT:Two domains of responsibility.

19 November, 2008

Future Use:

Business Projects

StrategicBusinessFuture

Dem

and

Supply

Effective IT enabled change

Ongoing business

operations

Dem

and

Supply

Reliable IT Service

ITIL, ISO 20000, ISO 27000, CoBiT etc

Business Domain: How IT

is used to enable and operate the

business

IT Domain: How IT is

managed and delivered.

ValIT


The S

yste

m o

f M

anagem

ent

Ongoing business operations


Supply

Supply

Reliable IT ServiceEffective IT

enabled change

Business Domain: How IT is used to enable and operate the business

IT Domain: How IT is managed and

delivered.


Dem

and

Dem

and

ValIT

CorporateGovernance Oversight

ISO 38500

Rules, Direction,Behaviour

Performance,Conformance

The System for Governance of IT:An integrated system overseen by the Board

Managem

ent

Resp

onsi

bili

tyBoard

ove

rsig

ht

The S

yst

em

of

Gove

rnance


The S

yste

m o

f M

anagem

ent

Ongoing business operations


Supply

Supply

Reliable IT ServiceEffective IT

enabled change

Business Domain: How IT is used to enable and operate the business

IT Domain: How IT is managed and

delivered.


Dem

and

Dem

and

ValIT

CorporateGovernance Oversight

ISO 38500

Rules, Direction,Behaviour

Performance,Conformance

The System for Governance of IT:An integrated system overseen by the Board

Managem

ent

Resp

onsi

bili

tyBoard

ove

rsig

ht

The S

yst

em

of

Gove

rnance

Ministers and Department Secretaries


An essential realisation in the post-Gershon era:

• IT is now a fundamental enabler of change and is leading to new business models and new business practices

– Eg e-Government

19 November, 2008

Process Structure

People

Technology

The Business System

Process Structure

People

Technology

The Business System

The Business System

Technology

People

StructureProcess

“Traditional” IT Change Project


An essential realisation in the post-Gershon era:

• IT is now a fundamental enabler of change and is leading to new business models and new business practices

– Eg e-Government

• Implementing IT enabled change involves attention to every facet of business models and practices

– Internal and external factors

19 November, 2008

• Governing IT Enabled Change involves much more than governing technology activities.

Process Structure

People

Technology

The Business System

Process Structure

People

Technology

The Business System

The Business System

Technology

People

StructureProcess

“Traditional” IT Change Project

Change Program• Business System

•Process•Technology•Structure•People

• Business Context•Process•Technology•Structure•People

ChangedProcess

ChangedStructure

ChangedPeople

ChangedTechnology

Changed Business System


The Framework for Governing IT in the post-Gershon era:

• Responsibility

• Strategy (Planning)

• Acquisition (Spending)

• Performance

• Conformance

• Human Behaviour

19 November, 2008

CorporateGovernance


Evaluate

Pla

ns,

Policie

s

Perf

orm

ance

Confo

rmance

Direct MonitorPro

posals

Projects Operations


What we have learned about the state of the art

19 November, 2008

Principles Responsibility Plan Acquire Perform Conform Human Factors

Corporate Governance of ICT - Indicators

Exemplary

Good

Basic

Weak

None

No view

Principles Responsibility Strategy Acquisition Performance Conformance Human Behaviour

RMIT and Infonomics research 2006-7. Published in “Achieving Business Sustainability” (Infonomics), and “Information Technology Entrepreneurship and Innovation”, edited by Fang Zhao, published by IGI Global, 2008.


Gershon’s recommendations address gaps in conformance to the principles

Respons-ibility

Strategy Acquisition Perform-ance

Conform-ance

Human Behaviour

Pan-government governance

X X X X X X

Agency governance

X X X X X X

BaU funding X X X X X X

APS IT Skills base

X X X X X X

Data Centres

X X X

IT Marketplace

X X X X X X

Sustain-ability

X X X X X X

19 November, 2008


Responsibility

• Ensure clearly understood (and appropriately allocated and discharged) responsibility for IT:

– Ministers set the tone for use of IT;

– Department heads ensure that IT is effective:

• Within their departments;

• Across whole of government.

– And efficient

• Not just allocating investment $:

• Achieving goals;

• Realising benefits;

• Controlling costs;

• Advancing capability and opportunity.

• Ministers and Department Heads are responsible for efficient, effective and acceptable use of IT.

19 November, 2008


Strategy (Planning)

• Plan IT (all aspects thereof) to best suit the organisation:

– The organisation is the nation and the government overall – not just the individual departments;

– Secretaries committee to set whole of government strategies

– Allocating the resources to best serve the needs of the nation;

– Seize opportunities for efficiency at whole of government level;

– Fix problem – data centres;

– Fix problem – basic business systems replicated with no genuine effort to standardise business process;

– Fix problem – plans for developing a competent internal workforce and plans for nurturing development of the domestic industry.

• Stop doing the same things over and over without improving: instead optimise the mundane and open the door to real opportunity for innovation and advancement.

19 November, 2008


Acquisition

• Acquire IT validly (decisions to allocate and spend resources on IT)

– Look for opportunities to reuse and expand benefits portfolio;

– More scrutiny of “Business as Usual”

• (Has the industry been complicit here?)

– Move government to high efficiency, rather than high cost;

– Avoid and remove barriers to entry for smaller businesses;

– Consider IT implications of changing government policy.

• Scrutinise all aspects of spend equally, and require every outlay to be properly justified. Redirect unnecessary expenditure to areas of need and opportunity. Consider do-ability as much as need and value.

19 November, 2008


Perform

• Ensure that IT performs well, whenever required (several facets – projects, systems, resources etc):

– Lift the capability of government agencies

• Relevant frameworks and standards including AS8015;

• Whole of lifecycle management including the business (demand) side;

• Capability to deliver intended outcomes and benefits of projects;

– Ensure that operational risks are known and managed

• The Canberra power grid has a single main feed!

– Ensure that staffing arrangements can serve future needs

• Knowledgeable, well trained, capable and mobile core workforce.

• Pay attention to the reality that IT is a non-negotiable imperative underpinning all government activity, and do properly the job of ensuring that it is fit for purpose.

19 November, 2008


Conform

• Ensure that IT conforms to formal rules

– A lack of relevant formal rules for government

– AGIMO lacks the authority to enforce even basic guidelines

– Ministerial committee to establish top level IT policies;

– Ministerial scrutiny of opt-out requests;

– Secretaries committee to enforce conformance.

• Effective, efficient and acceptable use of IT requires rules that are followed honestly. Individual preference is not a valid reason for breaking rules.

19 November, 2008


Human Behaviour

• Ensure that IT use respects human behaviour

– Resolve tendency to avoidance of human issues

• Over-customisation of COTS software to avoid organisational change

– Delays projects

– Increases costs

– Minimises reuse

– Blocks benefits

– Introduces future constraints.

– Properly recognise IT profession as a career

• Establish a career structure;

• Remove incentive to move to suppliers and contracting;

• Diversify locations.

• IT itself is not the issue. The key problems are with the people who should be controlling IT use, and are failing to do so, the people who are affected by IT use and who are shielded from the impact, and the people who deliver the IT capability, who are undervalued.

19 November, 2008


Where is the opportunity

• Implement Gershon‟s recommendations to:

– Become VERY Capable of delivering IT enabled change;

– Improve the business operational performance of many federal government agencies;

– Streamline and integrate public interaction with government;

– Move to a higher plane of IT use to create new capabilities for the nation;

– Make Australia significantly more competitive as a trading nation;

– Release resources from mundane activity to focus on truly significant innovation;

– Position Australia as an exemplar of good governance of IT.

• Move from a culture of waste where IT is criticised and constrained to a culture of value and performance where IT is cherished and embraced.

19 November, 2008


Top priorities of local CIOs

2006 2007 2008

Aligning IT and business goals 1 1 1

IT-enabled process improvement 4 4 2

Business continuity/risk management 2 3 3

Improving internal user satisfaction 3 2 4

Controlling IT costs 5 6 5

IT staff development 6 5 6

IT governance 8 8 7

Revenue generating services/products N/R 11 8

Measuring & communicating IT value 10 7 9

Improving project management discipline 9 9 10

Data Privacy N/R N/R 11

Regulatory compliance 11 10 12

Source: CIO Australia Magazine „State of the CIO Survey‟ (2006/7/8)


Top priorities of local CIOs

2006 2007 2008







IT governance 8 8 7






Source: CIO Australia Magazine „State of the CIO Survey‟ (2006/7/8)

2006 2007 2008







IT governance 8 8 7






the gershon report and it governance - infonomics content/documents/gershon... · ©2008infonomics...

Documents